| FIRELOSS | CYBERLOSS | ||
| Electrical fault causes massive fire at head office premises | Employee clicks on malicious link and systems are encrypted | ||
| IMMEDIATE REACTION | IMMEDIATE CONSEQUENCE | IMMEDIATE REACTION | IMMEDIATE CONSEQUENCE |
| Fire needs to be extinguished | Building cannot be accessed | Virus needs to be removed from the system | IT systems cannot be accessed |
| SECONDARY REACTIONS | SECONDARY CONSEQUENCES | SECONDARY REACTIONS | SECONDARY CONSEQUENCES |
| Alternative office space is required | Alternative accommodation requires paying extra rent | Alternative means of communication and working required in the short term | Labour intensive, creates large amounts of offline information |
| Cause of fire needs investigating | Loss adjusters costs | Cause of computer failure needs investigating to prevent reoccurrence | Specialist IT forensic teams highly expensive |
| Investigations take up management time | Investigations take time, systems still not accessible | ||
| New equipment needs to be purchased | Funds required for new equipment | New "clean" equipment required that is virus free | Some equipment might be irrevocably damaged in the attack and needs replacing |
| Offices need to be rebuilt | Funds needed to rebuild/repair damage depending on the severity of the fire | Systems need rebuilding, data needs to be reconstructed | Takes time. Data which cannot be restored from backups needs to be manually restored. Labour intensive extra staff required |
| Office fit out | Funds required for replacing lost contents | System needs testing to see if they work before roll out | Creates time delays and prevents use of systems, compounding extras costs once systems are restored |
| Lost time in having no offices | Overtime required to catch up with the down time to minimise impact on business | Lost time in having no systems | Overtime to catch up, all the information created offline now needs to be entered back on to the system |
| Lost Sales | Having no office, can result in a direct loss of custom, new orders cannot be taken, existing orders delayed direct impact to cash flow | Cause of computer failure needs investigating to prevent reoccurrence | No IT systems means new orders cannot be processed, existing orders are lost, invoices cannot be generated and sent out, direct impact on cash flow |
| Business moves to competition | Business moves to competition | ||
| Crisis containment/PR | In the event of a fire loss, a company would want to reassure its customers that it’s still able to trade and fulfill requirements to help minimise the damage to a company’s reputation and any loss of trading. This could extend to any environmental impact and responses may include a formal communication strategy to running a 24/7 crisis press office, depending on the severity | Crisis containment/PR | In the event of a data breach, prompt, confident notification and communication is critical to help minimise the damage to a company’s reputation. Responses may include a formal communication strategy to running a 24/7 crisis press office, depending on the severity. |
| Fines/Penalties | H&S investigations, possibility of fines/prosecution | Fines and Penalties | GDPR/ICO investigations and penalties PCI Investigations and fines |
Information Update - Comparing a Cyber Loss and Fire Loss
5/8/2019 12:00:00 AM
Information Update - Comparing a Cyber Loss and Fire Loss
